[Fred27]

That's really not what scopes are for either. There are a few people on this thread who are trying to politely explain that you haven't quite got what can be a reasonably tricky subject. You'd be well advised to step back a bit and read up on OpenID Connect rather than just digging in on your position and insisting everyone else is wrong.

[mswehli]

Ok... Getting a bit rude, so if you prefer we can end the discussion here, however first lets take a look at 2 links: https://oauth.net/2/scope/ "Scope is a mechanism in OAuth 2.0 to limit an application's access to a user's account."

Literally the first sentence in the definition. If you prefer take a look at the definition on OAuth definition at https://auth0.com/docs/scopes/current/oidc-scopes. Now which part of that exactly anything about authenticating the user or goes against what i've said? You'd be well advised to take your own advice.

[Fred27]

> if you prefer we can end the discussion here

Yeah - let's do that. You're now quoting things that directly contradict your position, so I'm starting to think we're all just being trolled.